More Cyber Professionals At The Pentagon Doesn’t Guarantee Better Security

Community
The entrance to the Department of Defense Cyber Crime Center, in Linthicum, Maryland, Sept. 10, 2014.
AP photo by Manuel Balce Ceneta

It is not yet known if the recent U.S.–China agreement to limit cyber espionage is a meaningful step toward a more secure cyberspace. Without broader reaching, enforceable, and verifiable agreements coupled with a history of compliance, the Internet remains a near lawless and ungoverned battleground. Militaries around the world continue to stockpile cyber weapons and conduct reconnaissance on potential targets. The U.S. is no different and cyber is one of the highest priorities for the Defense Department: even in the age of austerity, U.S. Cyber Command’s budget will double and personnel count will increase to 6,200. While some may laud the expansion of CYBERCOM and other U.S. government entities involved with cybersecurity, before we spend all of this money, we should pause and ask: Will all of these people and funding actually make us better at prosecuting cyber war and defending against cyber attacks?


Unfortunately, the fanciest security system in the world is useless if you don’t lock your front door. All of the investment and talented personnel in the world won’t be of much help if the U.S. government can’t do the basic blocking and tackling such as data encryption and network authentication that is required for cyber defense. The seemingly numerous cyber security breaches, from the 23 million background investigation records exfiltrated during the Office of Personnel Management breach to reports that Russian hackers penetrated Joint Staff email systems, clearly indicates a systemic U.S. government failure to protect its information.

As long as individuals are susceptible to basic social engineering tactics, such as credential theft through “phishing,” and federal agencies with sensitive information such as the IRS can’t answer the simple question of how many servers are on their network, no amount of people or technology will make our networks safer. Adopting better cyber safety practices and making employees internalize them so they become second nature ensures we’re crawling properly before attempting to walk in cyberspace. One thing is for certain, something must change and the current government standard of a yearly archaic half-hour “information awareness” training is just not enough to get people to truly practice safe cyber behavior.

Going beyond the basics, attracting talented programmers, developers, and cybersecurity professionals to work for the U.S. government, particularly the Defense Department, in any capacity has been a noted challenge. Even when new government professionals are brought into the system, the lure of moving to the private sector for double the salary and tech sector perks means that the proposed recruiting bump by the Defense Department is only a temporary band-aid on attrition.

But is this a story purely about incentives? Will paying government hackers and programmers handsomely stem the flow of boots out the door? The simple truth is that it will not. DoD and other agencies should focus less on trying to throw more people at the problem and instead focus more on ensuring that it utilizes and motivates its forces as efficiently as possible. For example, current thinking is mired in the antiquated concept that money is the be-all-end-all motivator; it is better to instead focus on the psychologically intrinsic aspects of motivation rather than the financial ones. Think of intrinsic motivation as three elements, autonomy, mastery, and purpose, according to Daniel Pink’s summation of 40 years of psychological research. Putting purpose up front, service in defense of the nation, and giving these employees and service members the chance to grow under top-quality supervision is the best way to ensure that we have the best cyber corps going forward. This is something that private-sector jobs focused on financial gain simply do not address. How can building the next version of Farmville even compare? Naturally, there are limits to how far intrinsic motivation can go, so salaries should be at least seem “fair” after taking the patriotism discount. But if agency managers think that focusing on compensation will solve all of their problems, they are missing the motivational forest for the trees.

Another critical component that needs attention is making the military, federal and state governments smarter, faster, and more flexible in setting up personnel policies to make it easier for talent to get into needed positions of service, move laterally within government, and grow professionally. This is imperative as internet technology is pervasive and found across all aspects of government and unless cybersecurity talent is distributed across all agencies and organizations. The most comprehensive programs for recruitment and retention are concentrated at CYBERCOM and the NSA, which perpetuate “islands of cyber excellence”  that could “leave non-security departments and agencies potentially vulnerable if they are unable to hire scarce talent,” according to Peter Liebert, co-director of the Truman National Security Project cyber expert group and former DoD senior cyber policy analyst.

The U.S. government is moving forward; however, much more can be done. For example, the military is only now enticing college students to sign up for cyber-specific ROTC initiatives, targeting a group that is increasingly graduating with enormous debt loads. New private sector outreach efforts like the new Silicon Valley office Defense Initiative Unit-Experimental are being extended to cities high in talented human capital and burgeoning tech sectors such as Austin, Pittsburgh, Baltimore, and Philadelphia. This gives DoD the ability to reach college grads with technical abilities who might otherwise have never considered military or government service.

Beefing up the Reserve and National Guard role in cyber defense is another promising plan that should be expanded to allow the military to tap into a technical base that represents the best of both worlds: private-sector opportunities and training while performing a mission vital to the nation’s defense.

Finally, it isn’t enough to focus on the tactical pursuit of line-level personnel, cyber is a strategic challenge as well. The utilization of cyber capabilities as a strategic tool is just as important as writing the latest hacking program. As P.W. Singer and Allan Friedman point out, existing cyber doctrine that emphasizes the superiority of offensive is inadequate because offensives can be both counterproductive and unpredictable and defense is not as weak as assumed. Thinking more clearly about the strategic and tactical use of cyber requires getting past the mantra of “offense rules” and also requires aligning recruitment goals. Right now recruitment is focused somewhat on quality but mostly on quantity. Unfortunately, a great hacker with technological creativity can outperform a thousand mediocre ones, because the mediocre ones will likely all arrive at similar conclusions while the standout ones will come up with novel solutions. The criticality of the internet to both daily life and defense operations mandates that we at least try to get the best people on board and have an employment strategy to match these talents.

WASHINGTON (Reuters) - U.S. President Donald Trump on Sunday told North Korean leader Kim Jong Un to "act quickly" to reach a deal with the United States, in a tweet weighing in on North Korea's criticism of his political rival former Vice President Joe Biden.

Trump, who has met Kim three times since 2018 over ending the North's missile and nuclear programs, addressed Kim directly, referring to the one-party state's ruler as "Mr. Chairman".

In his tweet, Trump told Kim, "You should act quickly, get the deal done," and hinted at a further meeting, signing off "See you soon!"

Read More Show Less

It is impossible to tune out news about the impeachment inquiry into President Donald Trump now that the hearings have become public. And this means that cable news networks and Congress are happier than pigs in manure: this story will dominate the news for the foreseeable future unless Angelina Jolie and Brad Pitt get back together.

But the wall-to-wall coverage of impeachment mania has also created a news desert. To those of you who would rather emigrate to North Korea than watch one more lawmaker grandstand for the cameras, I humbly offer you an oasis of news that has absolutely nothing to do with Washington intrigue.

Read More Show Less

MOSCOW (Reuters) - Russia will return three captured naval ships to Ukraine on Monday and is moving them to a handover location agreed with Kiev, Crimea's border guard service was cited as saying by Russian news agencies on Sunday.

A Reuters reporter in Crimea, which Russian annexed from Ukraine in 2014, earlier on Sunday saw coastguard boats pulling the three vessels through the Kerch Strait toward the Black Sea where they could potentially be handed over to Ukraine.

Read More Show Less

There's a joke that Joey Jones likes to use when he feels the need to ease the tension in a room or in his own head.

To calm himself down, he uses it to remind himself of the obstacles he's had to overcome. When he faces challenges today — big or small — it brings him back to a time when the stakes were higher.

Jones will feel out a room before using the line. For nearly a decade, Jones, 33, has told his story to thousands of people, given motivational speeches to NFL teams and acted alongside a three-time Academy Award-winning actor.

On Tuesday afternoon, he stood at the front of a classroom at his alma mater, Southeast Whitfield High School in Georgia. The room was crowded with about 30 honor students.

It took about 20 minutes, but Jones started to get more comfortable as the room warmed up to him. A student asked about how he deals with post-traumatic stress disorder.

"I believe in post-traumatic growth," Jones said. "That means you go through tough and difficult situations and on the back end through recovery, you learn strength."

Read More Show Less

It didn't take long for a central theme to emerge at the funeral of U.S. Marine Pfc. Joseph Livermore, an event attended by hundreds of area residents Friday at Union Cemetery in Bakersfield.

It's a theme that stems from a widespread local belief that the men and women who have served in the nation's armed forces are held in particularly high esteem here in the southern valley.

"In Bakersfield and Kern County, we celebrate our veterans like no place else on Earth," Bakersfield Chief of Police Lyle Martin told the gathering of mourners.

Read More Show Less